REMARKS 

This amendment is filed in response to the Office Action mailed November 25, 2009 (the 
"Action"). Reconsideration of the application is respectfully requested. Claims 2-8, 10-17, 35- 
41 and 43-62 are pending. Claims 2-8, 10-17, 35-41 and 43-62 have been rejected. Editorial 
amendments have been made to the claims. All amendments are supported by the original 
disclosure; no new matter has been added. 

Rejections under 35 U.S. C. $112 

The Action rejected claims 2, 14, 35, 43, 51, and 59 under 35 U.S.C. § 1 12, second 
paragraph, as being indefinite. Specifically, the Action argued that the language "a protocol 
substantially in compliance with the Kerberos protocol," as previously appearing in the rejected 
claims, "fail[ed] to impose any limitation" upon the language of the claims and was "therefore 
indefinite." [Action, at § 3, page 2.] While Applicant does not agree with the Action's 
characterization of the previously-pending claim language, Applicant has amended the claims to 
expedite prosecution. For example, claim 1 now recites, "generating ... a Ticket-Granting- 
Ticket in compliance with the Kerberos protocol." This language is supported in the 
Application; for example, the Application describes the Kerberos protocol: 

Kerberos is a trusted third-party authentication protocol designed for 
client/server interactions. J. Kohl and B. Neuman, " The Kerberos network 
authentication service {version 5)," RFC-1510, 1993. Hereafter, a service that is 
substantially in compliance with the above Kerberos specification, its derivatives, 
or antecedents is simply referred to as "Kerberos." This includes imperfect or 
corrupted implementations. 

A Kerberos service allows a person or client to access different machines 
on a network. Kerberos shares a different secret key with every entity on the 
network and knowledge of that secret key is considered proof of identity. 

[Application, at page 1, lines 11-18.] Applicant respectfully submits that the language of claims 

2, 14, 35, 43, 51, and 59, as amended, satisfies the requirements of 35 U.S.C. § 1 12, second 

paragraph. Applicant respectfully requests that the rejection of claims 2, 14, 35, 43, 51, and 59 

be withdrawn and that the claims be allowed. 
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Rejections under 35 U.S.C. § 103(a) 

Claims 2-8, 10-17, 35-41, and 43-62 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over U.S. Patent Application Publication 2003/0093694 of Medvinsky et al. 
("Medvinsky"), in view of U.S. Patent No. 5,809,144 to Sirbu et al. ("Sirbu") and further in view 
of U.S. Patent No. 6,678,731 to Howard et al. ("Howard"). However, Medvinsky, Sirbu, and 
Howard, taken either separately or in combination, do not describe, teach, or suggest each and 
every element as set forth in the amended claims. Accordingly, Applicants request that all 
rejections be withdrawn. 

In its simultaneous rejection of independent claims 7, 8, 13, 40, 41, 46, 52, and 58, the 

Action notes that particular claimed language is not taught in Medvinsky and instead finds this in 

Howard. For example, the Action argues: 

Howard . . . discloses the granting service, determining if that the 
requested service is provided by a plurality of servers; (column 3, lines 16-36 - 
access granted to multiple web servers) and the granting service generating a 
session key; for each providing server (column 7, lines 48-56) . . . creating a 
Service Ticket that includes the encrypted session keys for the plurality of 
providing servers; (column 7, lines 10-1 - data is encrypted, column 7, lines 48- 
67 - generation of the ticket; column 9, lines 66 - column 10 line 14 - 
embodiment where each server has unique value in the ticket, (i.e. key associated 
with each server). 

[Action, at § 4, pages 3, 4.] Applicants respectfully note that, while the Action does not cite to 

particular language of the claims, even the above-recited characterization of the claim language 

is not disclosed or taught by Howard. As such, the combination of Medvinsky, Sirbu, and 

Howard fails to teach each and every element of the independent claims. 

Applicants respectfully note first that editorial amendments have been made to the 

claims. For example, claim 7, as amended, now recites: 

7. A method of generating a Service Ticket for a requested Service 
comprising: 

receiving, by a granting service of a computing device, the computing 
device being different and distinct from a client, a request for a Service Ticket 
from the client; 
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determining, by the granting service, that the requested service is provided 
by a plurality of servers; 

generating, by the granting service, a session key; 

for respective providing servers out of the plurality of servers, encrypting, 
by the granting service, a copy of the session key with respective secret keys 
associated with the respective providing servers; 

creating, by the granting service, a Service Ticket that includes the 
encrypted session keys for the plurality of providing servers; and 

transmitting, by the granting service, the Service Ticket to the client. 

Regardless of the amendments, however, Applicants note that the Action does not individually 
address the language of the claims. Therfore, Applicants will proceed to respectfully note how 
the characterizations of Howard provided above are in error. 

Howard's description of an authentication server does not disclose or teach "determining 
if that the requested service is provided by a plurality of servers" as argued in the Action. The 
independent claims recited various "determining" language. For example, claim 7 recites, in 
part: 

determining, by the granting service, that the requested service is provided 
by a plurality of servers .... 

While claim 8 recites: 

determining, by the granting service, that the requested service is not 
provided by a plurality of servers .... 

Howard, by contrast, is directed to an authentication server which is asked by a network server 

on its network to authenticate users who seek to access the network server. [Howard, at 

Abstract.] In its rejection of the claims, the Action argues that Howard teaches "access granted 

to multiple web servers" at column 3, and that this reads on the "determining" language above. 

Applicants respectfully note, however, that the act of an authorization server granting access 

does not by itself mean the server "determines if that the requested service is provided by a 

plurality of servers." 

Indeed, the Abstract clearly states that the authentication process begins with a network 

server asking Howard's authentication server to authenticate users: 

Prior to granting access to the network server, the network server 
authenticates the user by sending an authentication request to an authentication 
server. The authentication server determines whether the user was already 
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authenticated by the authentication server. If the user is authenticated by the 
authentication server, then the network server is notified that the user is 
authenticated through the use of an authentication ticket, and the network server 
grants the network server user access. 

[Howard, at Abstract.] This process, where authentication begins with a request from the server 

for whom access is desired, is reiterated at least at column 3, lines 48-58 of Howard. Because 

Howard directly responds to requests from individual servers, Applicants fail to see how Howard 

can disclose or teach "determining if that the requested service is provided by a plurality of 

servers." In fact, Howard teaches directly away from this determination, as it relies on contact 

from the servers to identify which servers are being accessed rather than performing a 

determination itself. 

In addition, Applicants note that Howard's general discussion of SSL and other 
encryption methods does not disclose or teach "creating a Service Ticket that includes the 
encrypted session keys for the plurality of providing servers," " where each server has unique 
value in the ticket" as argued in the Action. The Action cites to passages from columns 7, 9, and 
10 in its rejection of the independent claims. Applicants note the cited passage at column 7, 
lines 48-56 discusses creation of an "authentication ticket" which "indicates whether a particular 
user has been authenticated by the authentication server." [Howard, at column 7, lines 51-52.] 
However, the passage does not describe the inclusion of multiple encrypted versions of a session 
key, as argued in the Action. Furthermore, while the cited passage at columns 9 and 10 of 
Howard describes using a "login ID" which is unique to a particular server, it also does not 
describe a ticket with multiple encrypted versions of a session key, as argued in the Action. 

For at least these reasons, neither Medvinsky nor Howard, taken either alone or in 
combination, disclose or teach the above-discussed features. Applicants also fail to find relevant 
disclosure for these features in Sirbu, which is cited for "transmitting the service ticket to the 
client." Applicants respectfully submit, therefore, that Medvinsky, Howard, and Sirbu, taken 
either alone or in combination, fail to teach or suggest at least one element of the independent 
claims. 

Independent claims 7, 8, 13, 40, 41, 46, 52, and 58 should therefore be allowable over 
Medvinsky, Howard, and Sirbu. Additionally, while Applicants do not belabor the separate 
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allowability of dependent claims 2-6, 10-12, 14-17, 35-39, 43-45, 47-51, 53-57, and 59-62, 
Applicants note that each recites, based on independent claims 7, 8, 13, 40, 41, 46, 52, and 58, at 
least one element not shown in the combination of Medvinsky, Howard, and Sirbu for the 
reasons discussed above. Claims 2-8, 10-17, 35-41, and 43-62 are thus allowable over 
Medvinsky, Howard, and Sirbu. Applicants respectfully request that the rejection of claims 2-8, 
10-17, 35-41, and 43-62 under § 103(a) be withdrawn and that claims 2-8, 10-17, 35-41, and 43- 
62 be allowed. 
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CONCLUSION 

In view of the foregoing, reconsideration and allowance of pending claims are solicited. 
If the Examiner has any questions concerning the present paper, the Examiner is kindly 
requested to contact the undersigned at (503) 796-2446. If any fees are due in connection with 
filing this paper, the Commissioner is authorized to charge the Deposit Account of Schwabe, 
Williamson and Wyatt, P.C., No. 500393. 

Respectfully submitted, 

Schwabe, Williamson & Wyatt, P.C. 



Date: February 19. 2010 by: /Ryan C. Fox / 

Ryan C. Fox 
Reg. No.: 65,369 



Schwabe, Williamson & Wyatt, P.C. 
Pacwest Center, Suites 1600-2000 
1211 SW Fifth Avenue 
Portland, Oregon 97222 
Telephone: 503-222-9981 
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